CVE-2025-24407

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-beta1 through 2.4.4-p11 and earlier

Description: The issue is related to insufficient authorization mechanisms in Adobe Commerce, allowing a remote attacker to bypass security restrictions. An attacker could exploit this to perform actions with permissions that were not granted, without requiring user interaction.

Recommendations: For Adobe Commerce versions 2.4.7-beta1 through 2.4.4-p11 and earlier, consider restricting access to sensitive features until a patch is available. As a temporary workaround, review and limit user permissions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.